GLOBAL PERSPECTIVES AND INSIGHTS

(1)

GLOBAL PERSPECTIVES AND INSIGHTS

5G and the Fourth Industrial Revolution

Part I

(2)

Advisory Council

Nur Hayati Baharuddin, CIA, CCSA, CFSA, CGAP, CRMA –

Member of IIA–Malaysia Lesedi Lesetedi, CIA, QIAL – African Federation IIA Hans Nieuwlands, CIA, CCSA, CGAP – IIA–Netherlands

Karem Obeid, CIA, CCSA, CRMA – Member of IIA–United Arab Emirates

Carolyn Saint, CIA, CRMA, CPA – IIA–North America

Ana Cristina Zambrano Preciado, CIA, CCSA, CRMA – IIA–Colombia

Previous Issues

To access previous issues of Global Perspectives and Insights, visit www.theiia.org/GPI.

Reader Feedback

Send questions or comments to globalperspectives@theiia.org.

About The IIA

The Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 200,000 members from more than 170 countries and territories. The association’s global headquarters are in Lake Mary, Fla., USA. For more information, visit

www.globaliia.org.

Disclaimer

The opinions expressed in Global Perspectives and Insights are not necessarily those of the individual contributors or of the contributors’ employers.

Copyright

(3)

Introduction

If all goes as planned, experts say that in as little as two years, the next generation of mobile connectivity will be a reality, and it promises to be the quantum leap in the world of technology. It will usher in a “connected- everything” world defined by lightning-fast downloads, ubiquitous connectivity, and data volume in trillions of bytes.

As smartphones, smart TVs, virtual assistants, and other digital devices become smarter and more numerous —

and their applications generate more and more data — the wireless networks that connect them must be large enough, strong enough, and reliable enough to keep pace. To meet the growing need for

connectivity and speed, telecommunications giants such as Verizon, AT&T, Sprint, Deutsche Telekom and Vodafone have moved quickly to roll out the much-anticipated successor to 4G and LTE mobile

communications — the fifth generation of wireless network technology known as 5G.

Experts say 5G will do much more than just improve the devices that make our lives more convenient, such as asking your smart home to order dinner or turn down the lights. It will enable unprecedented growth in the capacity to communicate data, opening the door to previously unimagined services and applications. Its performance promises high data rates, reduced latency, energy savings, cost reductions, higher system capacity, and massive device connectivity — everything one would expect from a

revolution in wireless innovation. But as with all new technology, 5G will have to overcome

implementation challenges, from building supporting infrastructure, to costs of adoption, to legal and regulatory tests.

Risk managers should be aware that 5G will be every technology pro and con rolled into one package. As a risk to be leveraged, 5G offers unprecedented connectivity and data collection capabilities that could enable new technologies, such as virtual surgery and driverless cars. However, it will also enable

disruptive technologies; create new challenges for collecting, managing, deciphering, and protecting data;

and create new cybersecurity concerns.

This Global Perspectives and Insights report, Part I of a two-part series, looks at 5G’s potential impact and breaks down what organizations need to know in order to prepare. Watch for Part II of the series,

“Managing in a ‘Connected-everything World’,” which discusses the implications for organizations and internal audit.

“What is now proved was once only imagined.”

– William Blake Poet (1757-1827)¹

(4)

The Technology

Each generation of wireless technology has delivered on the promise of faster, more reliable cellular and internet connectivity. The fifth generation of mobile technology greatly expands the promise by

exponentially increasing the amount of data that can be collected. Where current discussions about data collection involve gigabytes (billions of bytes), the new technology will enable data collection in zettabytes (trillions of gigabytes). This long-awaited tech revolution will enable organizations to collect massive amounts of data to inform strategic business decisions and integrate intelligent data into everything.

Handling Big Traffic

5G will signal a digital transformation that will profoundly change the shape of business. When it arrives, this technology projected to utilize a higher- frequency band of the wireless spectrum that allows massive amounts of data to be transferred much more rapidly than the lower-frequency band dedicated to 4G and LTE. For example, the total of all digital imaging, entertainment, productivity, and voice usage will grow from the 33 zettabytes recorded in 2018 to as much as 175 zettabytes by 2025, assuming an aggressive 5G launch by 2020.³

In addition to its promise of speed, strength, improved reliability, and intelligence, ubiquitous device

connectivity is where 5G could have its greatest impact.

For example, the current 4G and LTE technology limits

connectivity to about 100,000 devices per square kilometer, whereas 5G promises a tenfold increase to 1 million connected devices in the same space delivered at speeds 200 times faster. As early as 2020, the onset of the 5G era, it is estimated that there will be as many as 50 billion connected devices generating 4.4 zettabytes of data.

This fifth generation technology will redefine network infrastructure through “network slicing,” which is the ability to offer customized networks for specific uses and provide greater insight into network resource utilization. For example, applications like remote operation of machinery, telesurgery, and smart metering all require connectivity, but with vastly different characteristics. New wireless technologies such as network slicing provide the basis for logical networks that are customized to meet the needs of each application, which allow new products and services to be brought to market rapidly and easily adapted to fast-changing demands.⁴

This evolution in the technology is based on the subdivision of physical infrastructure into virtual platforms using a technique known as network functions virtualization (NFV). Instead of being forced to adopt the conventional “one-size-fits-all” network architecture, where all devices and services share the same pipeline, 5G lets engineers design targeted, application-oriented networks in software without service interruption, disruption, or extensive planning.⁵

A zettabyte = big traffic

 A zettabyte is a measure of storage capacity and is 2 to the 70th power bytes, also

expressed as 10²¹

(1,000,000,000,000,000,000,000 bytes) or 1 sextillion bytes.

 One zettabyte is approximately equal to a thousand exabytes, a billion terabytes, or a trillion gigabytes.²

(5)

It is anticipated that smart devices in particular will see a major boost in their utility and capability. This capability will let organizations customize networks with a variety of devices and services. Cell phones, internet of things (IoT) sensors, enterprise applications, and any other device that has a chip in it will be connected to the network, at all times. Service providers can personalize their networks for smart homes, smart cars, smart worksites, or entire smart cities — incorporating the bandwidth, security, or latency required for each. Overall, it will provide better service quality and a better network experience for developers and users.

The same companies that power cell phones today will be the ones bringing consumers 5G. While the actual 5G radio system, known as 5G-NR, is not compatible with 4G, all 5G devices — at least initially in the U.S. — will need 4G to make the initial connections before trading up to 5G where it's available.⁶ But 5G is not all about cell phones and speed. The transition to 5G will also affect other devices, including industrial robots, security cameras, virtual reality (VR) applications, drones, and cars, creating a big shift in how many cell sites are required and how many devices can connect to one. Faster networks could help spread the use of artificial intelligence (AI) and other cutting-edge technologies, as well.⁷

While 5G is expected to lead to the creation of three million new jobs, $275 billion in direct investment, and $550 billion in economic growth, according to CTIA, it may also lead to an elimination of jobs, as the technology is expected to transform specific business models, and elevate the need to change from lower-skilled to higher-skilled labor.⁸

For example, the Nokia Corporation announced in February that, while it has achieved early success in 5G and has secured a number of operator deals, the company will need to reduce its operating expenses by as much as $799 million per year by the end of 2020. It will do so through systems automation, simplified processes, significant cuts in its workforce, and by focusing on its mobile networks business.⁹ It also will prioritize its research and development on 5G and stop investing in legacy products.¹⁰

Addressing Data Analytics

As 5G takes the stage, high-caliber data analytics will become more valuable and necessary for organizations awash in greater volumes of data. Accordingly, there will be growing demand for those with data analytics skills who can break down volumes of data and rebuild it in smaller chunks, and extract meanings and

understandings for business operations. Data analytics also provides internal auditors the capability to analyze total populations and potential correlations, therefore improving assurance ability and the opportunity to provide insight and foresight.

Audit Focus

IIA Standard 1220: Due Professional Care

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility.

1220.A2 – In exercising due professional care internal auditors must consider the use of

technology-based audit and other data analysis techniques.

(6)

When adopting 5G, senior management and internal audit should be aware that significant increases in the amount of data being collected can expose the organization to additional data-related financial and nonfinancial risks:

 Data and Information Quality. Decision-makers need data that communicates and promotes an understanding of the complex. There must be clear definitions and quality standards for all data and information.

 Data and Information Compliance. Failure to comply with the requirements of an authorized and recognized agent (usually state, federal, or international) can lead to an adverse result such as financial penalties, additional work, or personal liability.

 Data and Information Governance. Data and information must be carefully controlled through the use of risk-management principles and processes at the appropriate levels to ensure privacy, security, quality, and auditability.

 Inappropriate, Careless or Premature Use of Analytics. Analytics tools and methods are not always practical, and decisions informed by analytics need scrutiny. For example, analytics will not be helpful when there is no time for gathering, processing, and interpreting data; when there is no history or precedent related to the decisions; when historical data is misleading; or when key variables cannot be measured or have high degrees of uncertainty.

o Things that are easily measured should not receive more attention than things that are difficult to measure.

o Barriers to realizing better returns on “big data” investments and analytics include:

 Analytics skills are concentrated in too few employees.

 Reliable information is hard to locate.

 Management fails to manage data as well as it manages talent, capital, and the brand.

 Countercultural Impact. Imposing analytics initiatives in an organizational culture that is not data- oriented can pose significant risk. Analytics initiatives should include an assessment of the organizational decision-making system and the degree to which organizational culture is data- oriented.

o More than 87 percent of organizations are classified as having low business intelligence and analytics maturity, which creates obstacles for organizations that want to increase the value of their data assets and exploit emerging analytics technologies.¹¹

o While the importance of data analytics has been largely embraced by the internal audit community, there remains a gap between its perceived importance and the level of knowledge audit teams require to understand it. For example, in the 2018 North American Pulse of Internal Audit survey, only 62 percent of responding CAEs said they “strongly” or “somewhat agreed”

with the statement that their audit team collectively possessed the knowledge, skills, and other competencies needed to perform audits involving data mining/analytics.¹²

 Data Ethics. Data analytics initiatives should align with the organization’s core values, decision- making, and behaviors. Controls should be in place to ensure the ethical collection and usage of data.

o Creating and managing processes, policies, and information is ongoing, and includes strategies, activities, skills, and technologies designed to accelerate positive business outcomes. In other words, good governance is critical when attempting to shift organizational culture to data-based decisions and outcomes.¹³

(7)

Handling Big Automation

Automation comes in different forms when addressing different challenges, and 5G requires a “rethink” of network architecture, security, cloud platforms, big data analytics, and business models. While 5G

technology does not redesign factory production lines or define industrial processes, it can enable new operating models once it is embedded in the industrial automation process.

As shown in Exhibit 1, 5G has three key differentiators that put it far ahead of the previous generations for automation:

Exhibit 1: Key Differentiators for 5G

Super-low latency for remote operation

One-millisecond latency opens up a world of possibilities in all industries — real-time visual and haptic, or sense of touch feedback means being able to trust even the most delicate tasks to a remote operator.

IoT ecosystem

Connectivity will improve in rural areas that have previously been dead zones, opening up more opportunities for collecting data from (and delivering services to) smart homes, wearables, and mobile devices.

Anywhere and everywhere connectivity

Connectivity will provide reliable, high-capacity connectivity in a larger area.

With global standards currently being established for 5G, mobile workers will have improved connectivity even when working abroad.

Source: Sprint Business¹⁴

The improved automation can be used in a variety of ways in different industries. In manufacturing, for example, the networks will make it possible to build smart factories and take advantage of technology (automation, AI, augmented reality, and the IoT); support critical applications that require low latency and high reliability; secure pervasive connectivity through high bandwidth and connection density without a fixed-line network; and provide higher flexibility, lower costs, and shorter lead times for factory floor production reconfiguration, layout changes, and alterations.

In healthcare, automation could help make over processes through mobile health delivery, personalized medicine, and social media applications. It also could play a significant role in improving the reliability of transporting sensitive and private medical data.

Electrical power distribution and central power generation could be transformed by 5G, leading to a more resilient, less wasteful, and more affordable energy market. The technology has the potential to mitigate outages and support more renewable energy sources. This includes rapid detection and response to spikes in demand, and an advanced degree of data gathering and energy forecasting across individual facilities and supply chains. In addition, wind-based utility companies will be able to reduce the number of personnel put in harm's way to inspect and maintain turbines.¹⁵

However, automation also can create challenges in the midst of opportunities. For example, overly ambitious projects may expose an organization to excessive risk. For this reason, internal audit must assess whether automation projects are aligned with corporate strategy. It is likely that internal audit will be called upon to determine if intelligent automation is worth undertaking, and then identify the risks associated with related initiatives. If internal audit finds it is worth the risk, it can support planning to ensure proper governance, controls, and monitoring are in place.

(8)

But if internal audit is to succeed in this area, it will have to address its past difficulties with adopting and adapting to innovation. This is especially true as it relates to adopting various types of automation tools, leveraging them to improve performance, and finding the proper balance between human professionals and non-human automation.¹⁶

Joseph Morgenstern, senior manager in IT and internal audit advisory services at Ernst & Young, says that robotics process automation (RPA) can “assist” internal audit, and that internal audit can play a role in identifying opportunities to embed audit automation control activities within business processes and functions such as:

1. Data gathering and cleansing for analytics.

2. Risk assessment.

3. Population gathering.

4. Automation of controls.

5. Internal audit project management office (PMO).¹⁷

It will be vital for internal audit to embrace intelligent automation in the 5G era because it is anticipated that the technology will allow industrial processes to be monitored and controlled with a level of precision never seen before. This heightened precision can not only help detect quality issues and prevent defects, it also could boost safety on the manufacturing floor, save money, and potentially improve an

organization’s reputation.

In the midst of this, internal audit’s early involvement is vital. It can help organizations evaluate, understand, and communicate the degree to which AI and RPA will effect the organization’s ability to create value in the short, medium, and long term.¹⁸ As organizations adopt AI, RPA, and similar

technologies, internal audit should identify, assess, and monitor the risks that accompany them. This will require an understanding of the new risks and the need for well-designed controls, and practitioners should seek out tools and resources, such as The IIA’s AI Auditing Framework, to help them provide this service.

Ideally, practitioners should become well-versed on the technology before 5G officially arrives. Internal audit should position itself to help senior management understand how stores of data are collected, managed, protected, and harnessed. But it must first understand and leverage analytics tools to access and understand data, streamline and automate processes, and improve insight and analysis.

(9)

The Challenges

With all the greatness that 5G promises, there are challenges, concerns, and potential downsides for both carriers that provide 5G and for organizations that wish to embrace the technology. These challenges include data storage, management, analysis, protection, cost, and the overhaul of communications infrastructure.

Transformations and a New Approach

Because of 5G’s potential to transform organizations, many will view adoption as a “race.” This invariably will accelerate timelines, and with acceleration comes risk. For example, in order to deliver rich, smooth experiences to consumers, early adopters will have to obtain the right equipment that operates to the proper specifications. They will have to, at a minimum, get a limited network up and running, as well as ensure that the equipment and devices will connect from one manufacturer to another. They will also have to install networks to serve subscribers and devices — all while training personnel and trying to keep costs down.¹⁹ An accelerated timeline drawn from a desire to be “first” dramatically compresses the research and development period, increasing the risk of errors, security breaches, and the potential failure to deliver the new experiences promised.

Because 5G uses different frequency bands, early adopters will have to pay for and install new antenna systems, which are expected to be expensive. Large organizations will be best positioned to take

advantage of the 5G roll-out, despite the cost. However, smaller organizations may not be able to absorb the cost for 5G’s new “bells and whistles,” and will have to rely on 4G and LTE networks.

Even so, adopting 5G a little later in the game may not prove to be a serious competitive disadvantage.

Smaller organizations will still be able to run efficiently using previous generations of networks for a time.

For the foreseeable future, 5G will need to coexist with 4G and LTE. Operators will need to ensure they can continue to run 4G devices, and subscribers will expect the same optimal 4G experience.

Besides the potential for technological risks, there is also financial risk to consider. As long as the industry is still in the spending cycle for 4G, the cost of accelerating 5G requires new capital investment and cost efficiencies. The financial risk begins with the developers, but will almost certainly trickle down to organizations that adopt 5G. Other financial risks include:

 New architecture, new complexity. 5G will introduce an important paradigm shift, evolving networks to a completely new architecture featuring a new core, new radio, new spectrum, and new devices and chipsets.

 Being all things to all users. The range of options puts pressure on networks to be all things to all users, including the need to simultaneously service consumers and industry verticals (e.g.

transportation, high-value manufacturing, healthcare, agriculture, smart cities).

 Lofty goals and huge expectations. 5G needs to deliver on the goals of massive improvements in data rates, device density, traffic capacity, output, latency, and spectrum efficiency. Consumers will base their willingness to pay for 5G on how they experience it, while industries will judge it based on proof 5G can deliver new capabilities and quality of service.

(10)

 New radio, new frequencies. The complexity introduced by new radio is significant. These new frequencies offer huge potential in regard to capacity, but the use of these frequencies is challenging due to limited propagation and penetration.

 Network virtualization. The ability to mix vendors is one of virtualization’s benefits, but it also could become one of its greatest hurdles. As of today, there is no unified, rigorously defined standard to guarantee interoperability, nor a methodology to assure continuous and consistent performance.

 Security: The massive increase in connected devices and the transformation of traditional computing into something more scalable (virtualization) and usable will exacerbate security threats.²⁰

Human Rights, Property Value, and Human Health Concerns

The increased push for organizations to be socially responsible and protect human rights represents another potential challenge with 5G. Additionally, the space demands created by the new 5G infrastructure has citizens in some regions concerned about its potential impact on private property rights and property values.

Neighborhoods will see a proliferation of taller, wider antennas for the 5G equipment required to achieve desired densities. Wireless companies in the U.S. plan to install about 300,000 new “small cell” antennas — as little as 500 feet apart — in urban areas, roughly equal to the total number of cell towers built over the past three decades.²² According to some reports, each small cell installation will include ground level, metal electronics cabinets ranging in size from a trashcan to a refrigerator weighing hundreds of pounds.²³

Such a situation has resulted in increased tensions

between federal, state, and local government entities. For example, in a prepared statement, U.S.

Conference of Mayors CEO & Executive Director Tom Cochran outlined the conference’s opinion of the Federal Communications Commission’s role in allowing for the proliferation of such equipment:

“The U.S. Conference of Mayors strongly opposes recent proposals by the Federal Communications Commission to grant communications service providers subsidized access to local public property and to dictate how local governments manage their own local rights-of-ways and public property. This

unprecedented federal intrusion into local (and state) government property rights will have substantial adverse impacts on cities and their taxpayers, including reduced funding for essential local government services, as well as an increased risk of right-of-way and other public safety hazards.”²⁴

Other communities have expressed concern over possible health impacts associated with the

electromagnetic fields emitted by 5G infrastructure. For example, in an appeal to the European Union (EU), more than 180 scientists and doctors from 36 countries warn about the dangers of 5G, which they believe will lead to a massive increase in involuntary exposure to electromagnetic radiation.

“If it’s not already in your neighborhood, it’s coming.

Instead of relying on large cellphone towers spread far apart, they need ‘small cell’

sites that are much closer together.”

— Melissa Arnoldi President of technology and operations for AT&T²¹

(11)

In the U.S., a coalition of organizations is calling on the FCC to delay deployment of 5G infrastructure pending more health studies, citing “emerging science linking exposure to radiofrequency (RF) (microwave) radiation with serious biological harm.”²⁵ These concerns have prompted several Bay Area cities to pass ordinances halting installation of 5G infrastructure.

The issue of cellular phone use and cancer risks has been studied for more than two decades, with emphasis on radiofrequency radiation emitted by cell phones and towers, as well as increased cell phone usage. To date, no case-control, cohort, or epidemiological study has found statistically significant links, according to the National Cancer Institute at the National Institutes of Health.²⁶ Data on the incidents of cancer also has been analyzed over time to see if the rates of brain tumors changed in large populations during the time that cell phone use increased dramatically. These studies have not shown clear evidence of a relationship between cell phone use and cancer.

Still, it is critical that the deployment of 5G does not overlook potential environmental damage and human rights. Environmental, health and safety (EHS) internal auditors can offer an independent perspective on ongoing progress made to improve operations and limit

environmental and social harm. Regulators will continue to focus on responsible stewardship, and EHS internal auditors can be an asset to those deploying 5G technology by focusing on the basic rules around EHS issues and understanding long-term trends and public attitudes.

Cybersecurity and Data Privacy

For years, cybersecurity has been a high-priority risk, and cybercrime continues to explode. In the 5G world, cybersecurity challenges and risks will continue to grow as more data pours in and is processed faster than ever before. Past and current data protection practices have not been fully effective, as evidenced by the most-recently recorded (and reported) data breaches of 2017 and 2018, as well as the predictions of advanced forms of breaches for 2019.²⁷

As a result, there has been a proliferation of new regulations dealing with data privacy and protection, such as the European Union’s General Data Protection Regulation.²⁸ Similar legislation in China, Brazil and California is set to go into effect in 2019 or 2020, which organizations should consider when developing their marketing strategies and plans. Internal audit can support compliance efforts on the new regulations, and help organizations understand the work that is required to avoid potentially costly violations.

Audit Focus

IIA Standard 2130: Control

The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.

2130.A1 – The internal audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance,

operations, and information systems regarding the:

 Achievement of the organization’s strategic objectives.

 Reliability and integrity of financial and operational information.

 Effectiveness and efficiency of operations and programs.

 Safeguarding of assets.

 Compliance with laws, regulations, policies, procedures, and contracts.

(12)

As pressure is applied to boards to provide sufficient oversight on cybersecurity practices, pressure is also placed on internal audit to provide assurance. As the third line of defense, internal audit will be expected to evaluate governance in this area and provide assurance on the internal management of this risk so that organizations can mitigate disruptive forces and activities.

In his January 20, 2019 blog post, IIA President and CEO Richard Chambers reminds his readers that the coming 5G revolution makes the need for internal audit’s transformation even more urgent. Referring to the 2018 North American Pulse of Internal Audit report, he cites four steps necessary for the profession to adapt and thrive in a technology-enabled world:

 Become agile.

 Pursue innovation.

 Redefine its talent.

 Inspire board engagement.³⁰

Internal audit can play an important role in a holistic cybersecurity program. However, in order to fulfill that role effectively, there must be knowledge and awareness of the possible risks. This can be accomplished by focusing on trends, staying abreast of changes in regulations, and strengthening the understanding of effective

cybersecurity controls. Internal auditors need to be able to quickly identify would-be disruptions and determine which ones warrant immediate and/or further attention.

Risk assessment strategies should be developed with regard to all risks specific to cybersecurity, and ensure compliance with established policies and internal controls, including defining risk, cybersecurity domains, roles, and responsibilities.³¹

“Complicating the issue further is the burgeoning global data privacy movement. Even in the most positive light, 5G will be a massive technological disruptor and require organizations to rethink how they gather, use, and protect data.”

—Richard Chambers, CEO and President of The IIA²⁹

(13)

Closing Thoughts

While the predicted start of the 5G era remains more than a year away, it would be difficult to overstate the impact that it will have on everyone and everything, from the average citizen, to the smallest organization, to the most powerful governments. This new technology, once in the realm of science fiction, will soon be reality, and it is expected to bring dramatic transformations to all industries.

The next technological revolution will enable unprecedented insights and unleash capabilities that will change what we do and how we do it. As it matures, 5G is expected to alter the very DNA of the user experience — from leisure activities and healthcare procedures, to retail and manufacturing, to finance and beyond. As such, organizations need to prepare today by learning how best to leverage its capacities and understand the related challenges.

Internal auditors and risk managers must recognize that while 5G offers unprecedented connectivity, it will also open the door to new challenges and disruptions. It is vital for internal auditors to learn all they can about 5G and embrace existing data analytics technology before 5G arrives in order to provide uninterrupted advisory and assurance services to organizations when it arrives. The 5G revolution will test any profession that struggles with innovation, agility, and change. Indeed, the 5G revolution will make the evolution of internal auditing even more urgent.

Glossary

5G — The fifth generation of wireless communications technology.

latency — The time it takes for a source to send a packet of data to a receiver.

network slicing — The ability to offer customized networks for specific uses and provide greater insight into network resource utilization.

network virtualization — The process of combining hardware and software network resources and network functionality into a single, software-based administrative entity – a virtual network.

network programmability — A set of tools to deploy, manage, and troubleshoot a network device.

network functions virtualization (NFV) — A network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create communication services.

5G-NR (fifth generation new radio) — The global standard for a unified, more capable 5G wireless air interface.

internet of things (IoT) — A sensor network of billions of smart devices that connect people, systems and other applications to collect and share data.

artificial intelligence — The theory and development of computer systems able to perform tasks that normally require human intelligence

robotics process automation — An application of technology, governed by business logic and structured inputs, aimed at automating business processes.

(14)

Notes

1. John Walson, “The 101 Best (And Most Inspiring) Quotes On Innovation,” ResourcefulManager, 2016, https://www.resourcefulmanager.com/innovation-quotes/.

2. Thomas Barnett, Jr., “The Zettabyte Era Officially Begins (How Much is That?),” Cisco, September 9, 2016, https://blogs.cisco.com/sp/the-zettabyte-era-officially-begins-how-much-is-that.

3. David Reinsel, John Gantz, and John Rydning, “The Digitization of the World: From Edge to Core” (Framingham:

International Data Corporation, 2018), https://www.seagate.com/our-story/data-age-2025/.

4. “Network Slicing,” Ericsson, https://www.ericsson.com/en/digital-services/trending/network-slicing.

5. Doug Suriano, “The Future Of Networking Is 5G: Businesses Must Prepare Now,” Forbes, September 24, 2018, https://www.forbes.com/sites/oracle/2018/09/24/the-future-of-networking-is-5g-businesses-must-prepare- now/#67910a0c5c48.

6. Eric Zeman, “What is 5G? A Guide to the Transformative Wireless Tech That's Being Hyped to Change Everything,”

Fortune, October 9, 2018, http://fortune.com/2018/10/08/what-is-5g/.

7. Doug Clark, “What Is 5G? Here’s What You Need to Know About the New Network,” New York Times, Dec. 31, 2018, https://www.nytimes.com/2018/12/31/technology/personaltech/5g-what-you-need-to-know.html.

8. “The Race to 5G,” CTIA, 2019, https://www.ctia.org/the-wireless-industry/the-race-to-5g#section-4.

9. Merriam-Webster, s.v. “automation,” Accessed March 28, 2019, rhttps://www.merriam- webster.com/dictionary/automation.

10. Ken Martin, “Nokia to cut jobs in focus on 5G,” Fox Business, October 25, 2018, https://www.foxbusiness.com/markets/nokia-to-cut-jobs-in-focus-on-5g.

11. Gartner, “Gartner Data Shows 87 Percent of Organizations Have Low BI and Analytics Maturity,” news release, December 6, 2018, https://www.gartner.com/en/newsroom/press-releases/2018-12-06-gartner-data-shows-87- percent-of-organizations-have-low-bi-and-analytics-maturity.

12. Survey for 2018 North American Pulse of Internal Audit, Q19: Please Indicate your level of agreement that your audit team collectively possesses the knowledge, skills, and other competencies needed to perform in each of the following areas. n = 636.

13. “2018: Top Risks Faced by Chief Audit Executives” (Lake Mary: Institute of Internal Auditors, Global Perspectives and Insights, 2018), PDF can be accessed at https://na.theiia.org/periodicals/Public%20Documents/GPI-2018-Top- Risks-Faced-by-CAES.pdf.

14. Joseph Martin, “Next-generation digital: the impact of 5G on business transformation,” Sprint Corporation, January 18, 2018, https://business.sprint.com/blog/5g-business-transformation/.

15. Nathan Sykes, “The 5G Future of Energy,” Energy Central, January 7, 2019, https://www.energycentral.com/c/iu/5g-future-energy.

16. “Leveraging Analytics and Data Visualization Techniques” (Lake Mary: Institute of Internal Auditors, Financial Services Audit Center, 2018), PDF can be accessed at https://dl.theiia.org/FSAC/Leveraging-Analytics-and-Data- Visualization.pdf.

17. “5 Ways Robotics Process Automation Can Assist Internal Audit,” AuditBoard, June 5, 2018, https://www.auditboard.com/blog/5-ways-robotics-process-automation-can-assist-internal-audit/.

18. “The IIA’s Artificial Intelligence Auditing Framework” (Lake Mary: Institute of Internal Auditors, Global

Perspectives and Insights, 2017), PDF can be accessed at https://na.theiia.org/periodicals/Public%20Documents/GPI- Artificial-Intelligence-Part-II.pdf.

(15)

19. Sameh Yamany, “When 5G Hype Becomes Reality,” Forbes, January 8, 2019,

https://www.forbes.com/sites/forbestechcouncil/2019/01/08/when-5g-hype-becomes-reality/#4ee69d6682f6.

20. Stephen Douglas, “6 Challenges of 5G, and the 9 Pillars of Assurance Strategy,” TechZone360, September 17, 2018, https://www.techzone360.com/topics/techzone/articles/2018/09/17/439540-6-challenges-5g-the-9-pillars- assurance-strategy.htm#.

21. “5G service is coming – and so are health concerns over the towers that support it,” CBS News, May 29, 2018, https://www.cbsnews.com/news/5g-network-cell-towers-raise-health-concerns-for-some-residents/.

22. lbid.

23. “Top 20 Facts On 5G: What You Need To Know About 5G Wireless And ‘Small’ Cells,” Environmental Health Trust, https://ehtrust.org/key-issues/cell-phoneswireless/5g-internet-everything/20-quick-facts-what-you-need-to-know- about-5g-wireless-and-small-cells/.

24. Sara Durr, “Statement by U.S. Conference of Mayors CEO & Executive Director Tom Cochran on FCC’s Order Proposing to Usurp Local Property Rights,” The United States Conference of Mayors, September 10, 2018, https://www.usmayors.org/2018/09/10/statement-by-u-s-conference-of-mayors-ceo-executive-director-tom- cochran-on-fccs-order-proposing-to-usurp-local-property-rights/.

25. Jason Plautz, “Grassroots coalition asks FCC to slow 5G expansion over health concerns,” SmartCitiesDive, September 24, 2018, https://www.smartcitiesdive.com/news/grassroots-coalition-asks-fcc-to-slow-5g-expansion- over-health-concerns/532992/.

26. “Cell Phones and Cancer Risk,” National Cancer Institute at the National Institutes of Health, Updated January 9, 2019, https://www.cancer.gov/about-cancer/causes-prevention/risk/radiation/cell-phones-fact-sheet.

27. Heidi Daitch, “2017 Data Breaches – The Worst So Far,” IdentityForce, December 14, 2017,

https://www.identityforce.com/blog/2017-data-breaches; Lily Hay Newman, “The Worst Cybersecurity Breaches of 2018 So Far,” Wired, July 19, 2018, https://www.wired.com/story/2018-worst-hacks-so-far/.

28. “2018 reform of EU data protection rules,” European Commission,

https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data- protection-rules_en.

29. Richard Chambers, “The Challenges to Internal Audit in a Zettabyte World” Chambers on the Profession: Seasoned Reflections on Relevant Issues (blog), Internal Audit, January 20, 2019,

https://iaonline.theiia.org/blogs/chambers/2019/Pages/The-Challenges-to-Internal-Audit-in-a-Zettabyte-World.aspx.

30. “2018 North American Pulse of Internal Audit” (Lake Mary: Institute of Internal Auditors, 2018), 25, PDF can be accessed at https://dl.theiia.org/AECMember/2018-NA-Pulse-of-Internal-Audit-The-Internal-Audit-Transformation- Imperative.pdf.

31. “2018: Top Risks Faced by Chief Audit Executives” (Lake Mary: Institute of Internal Auditors, Global Perspectives and Insights, 2018), PDF can be accessed at https://na.theiia.org/periodicals/Public%20Documents/GPI-2018-Top- Risks-Faced-by-CAES.pdf.

(16)

GLOBAL PERSPECTIVES AND INSIGHTS